High severity7.8NVD Advisory· Published Jan 11, 2017· Updated May 6, 2026

CVE-2017-2967

Description

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution.

Affected products

Adobe Inc./Acrobat
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Range: <=11.0.18
Adobe Inc./Acrobat Dc2 versions
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*range: <=15.006.30244
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*range: <=15.020.20042
Adobe Inc./Acrobat Reader Dc2 versions
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*range: <=15.006.30244
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*range: <=15.020.20042
Adobe Inc./Reader
cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
Range: <=11.0.18
N/a/Adobe Acrobat Reader 15.020.20042 And Earlier, 15.006.30244 And Earlier, 11.0.18 And Earlier.v5
Range: Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/acrobat/apsb17-01.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/95345nvd
www.securitytracker.com/id/1037574nvd
www.zerodayinitiative.com/advisories/ZDI-17-031nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000